Technology, media and telecommunications law update – March 2016
Key developments during March 2016 in the areas of Technology, Media and Telecommunications are summarised as follows.
TMT judgements in March 2016
|Software licensing case provides useful guide for determining rights of parties||3 Mar 2016||The Full Federal Court considered a range of issues which typically arise in IT contract disputes: JR Consulting and Drafting Pty Limited v Cummings  FCAFC 20. The case, which involved an argument over contract interpretation, intellectual property ownership, confidential information, contract abandonment and termination rights, provides a useful guide as to factors which a court will take into account when determining the respective rights of parties to a software licence.|
|Misuse of confidential information by employee||4 Mar 2016||The Federal Court handed down a decision in relation to remedies available against a company employee who breached the terms of an employment contract prohibiting him from conducting business on his own account in competition with the employer: APT Technology Pty Ltd v Aladesaye (no 2)  FCA 203. Foster J found that the employee had breached his employment contract, a fiduciary duty owed by him to the company and a duty of fidelity owed as an employee, together with an equitable duty of confidence and obligations arising under the Corporations Act 2001. The court issued an injunction restraining the employee from directly or indirectly using or disclosing any confidential information or intellectual property belonging to the employer.|
|Poaching clients||17 Mar 2016||The Supreme Court of New South Wales assessed damages against a former employee of the plaintiff company who was found to have poached clients during and after the period of her employment: Helensburg Property Management Pty Ltd v Brady  NSWSC 253. The Defendant was found to have breached an implied duty of loyalty and good faith in using her employer’s confidential information other than in the performance of her duties, and by poaching the Plaintiff’s clients both during and immediately after her employment with the Plaintiff. The assessment of damages was complicated by evidence which suggested the clients would have followed the employee in any event, once the period of restraint had expired. The company was awarded damages of $33,740.|
TMT legislation, guidelines, amendments and updates
Amendment to NSW privacy legislation
On 17 March 2016, the Privacy and Personal Information Protection Amendment (State Owned Corporations) Bill 2016 (NSW) was tabled in the New South Wales Parliament. The object of the Bill is to amend the Privacy and Personal Information Protection Act 1998 to remove the exclusion of State owned corporations from that Act, consistent with the recommendation made in a report to Parliament by the New South Wales Privacy Commissioner.
My Health Records Guidelines
On 18 March 2016, the My Health Records (Information Commissioner Enforcement Powers) Guidelines 2016, made pursuant to section 111(2) of the My Health Records Act 2012 (Cth), were tabled. The guidelines, which replace the PCEHR (Information Commissioner Enforcement Powers) Guidelines 2013, set out the Information Commissioner’s general approach to the exercise of investigative powers under both the My Health Records Act and the Privacy Act in relation to the My Heath Record system.
Patient privacy in the ACT
On 22 March 2016, the Health (Patient Privacy) Amendment Act 2015 came into effect in the Australian Capital Territory. The object of the amendment to the Health Act 1993 (ACT) is to establish a protest-free zone around health facilities to ensure that women accessing medical treatment, such as abortions, have safe access to legal and medically recognised health procedures within a defined zone and within certain hours on business days.
TMT-related policies, legislative reports and enquiries
REPORT OR ENQUIRY
OUTCOME / RECOMMENDATIONS
|Statutory remedy for invasion of privacy||On 3 March 2016, the Standing Committee on Law and Justice of the New South Wales Legislative Council published a report on remedies for the serious invasion of privacy in New South Wales. Terms of reference had been referred to the Committee on 24 June 2015, seeking a report on the adequacy of existing remedies for invasion of privacy and consideration of whether a statutory cause for serious invasion of privacy should be introduced.||The Committee recommended that the New South Wales government introduce a statutory cause of action for serious invasions of privacy, based on a model recommended by the Australian Law Reform Commission in a 2014 report.|
|Smart ICT Report||On 14 March 2016, the House of Representatives Standing Committee on Infrastructure, Transport and Cities published a report entitled Smart ICT: Report on the enquiry into the role of Smart ICT in the design and planning of infrastructure. The report focused on the role of new technologies and systems in the design, construction and management of infrastructure assets and concluded, amongst other things, that there was a need for greater coordination within and between levels of government, and between government and industry, with respect to the design, planning, procurement, construction and management of smart infrastructure at a national level.||The establishment of a Smart Infrastructure Taskforce, representing a cross section of stakeholders on a national basis, was recommended as a means of coordinating the development and implementation.|
|ARCA submission in relation to data breach notification||On 21 March 2016, the Australian Retail Credit Association, which represents organisations involved in the exchange of credit reporting data in Australia, published its submission in relation to the Federal Government’s draft Privacy Amendment (Notification of Serious Data Breaches) Bill 2015.||The submission raised concerns in relation to a number of elements in the Bill, including the 30 day period for assessment of a serious data breaches, an inadequately defined concept of “reasonable grounds”, inadequate recourse to directions from the Information Commissioner, the proposed definitions of “real risk” and “harm” and the lack of a safe harbour for encrypted data.|
Health privacy issues
In addition to the health-related legislative initiatives referred to above, the following issues gained prominence during March 2016.
Patient privacy in South Australia
On 3 March 2016, the Shadow Minister for Health, the Hon Stephen Wade MLC, announced that the Opposition would introduce legislation to amend the Healthcare Act 2008 (SA) to make it an offence for a person to improperly access or use personal information. At present, it is only an offence under the Act to disclose personal information.
Digital hospital in Queensland
On 11 March 2016, the Queensland Minister for Health and Minister for Ambulance Services, the Hon Cameron Dick, announced that Brisbane Princess Alexandra hospital had become Australia’s first public digital hospital, heralding a revolution in the way healthcare would be delivered in Queensland. It was announced that the 2000 paper records currently circulating through the hospital at any given time would be replaced by real-time patient information being sent to a secure electronic medical records.
Other privacy law news
Consumer Privacy Network
On 14 March 2016, the Office of the Australian Information Commissioner announced the establishment of a Consumer Privacy Network. Organisations representing consumer interests have been encouraged to join. The Group, which will meet twice a year, will focus on identifying privacy issues affecting consumers.
Privacy of Census Information
On 10 March 2016, the Australian Financial Review reported that there was a risk of legislative change which might affect the privacy of data collected in the 2016 Census, due to be conducted on 9 August 2016. The Australian Bureau of Statistics (ABS) responded on 11 March 2016 that the report was without foundation. The concern surrounds the reported intention of the ABS to retain all private data collected, whereas previously private data had only been retained on an opt-in basis.